client server(maybank)

Upload: ikanbutsu

Post on 04-Jun-2018


  • 8/13/2019 Client Server(Maybank)

    1/24

    MULTIMEDIA UNIVERSITY

    CLIENT-SERVER COMPUTING

    TCS 3191

    Client-Server Proposal for Maybank

    LECTURER:

    DR. LEW SOOK LING

    PREPARED BY

    Name                        Matrix Number
    Abdul Fatah Mohamad         1111112567
    Adrian O'neil Stephen       1071117045
    Muhammad Idham Mokhter      1091106010
    Mohd Aiman Abdul Halim      1101110632
    Hazwan Burhanudin           1091106280


    1.0 Background of the company

    Overview

    Maybank is among the top 5 banks in South East Asia with total assets of more than USD 150

    billion. It has an international network of over 2,200 branches and offices in 20 countries,

    employing 46,000 employees who serve over 22 million customers.

    About

    Maybank was established in 1960, and today is the largest company by market capitalisation on

    the Malaysian Bourse (Bursa Malaysia). It is ranked first among listed Malaysian companies and

    among the top 500 companies in the Forbes Global 2000 leading companies of the world.

    The Maybank Group offers a comprehensive range of products and services that includes

    commercial banking, investment banking, Islamic banking, offshore banking, leasing and hire

    purchase, insurance, factoring, trustee services, asset management, stock broking, nominee

    services, venture capital and Internet banking.

    Maybank's mission is to humanise financial services across Asia, by providing access to

    financial services to the people at fair terms and pricing, and to be always at the heart of the

    community.

    Vision

    To be a regional financial services leader.

    Mission

    They want to humanize financial services across Asia by:

    I. Providing the people with convenient access to financing

    II. Having fair terms and pricing

    III. Advising customers based on their needs

    IV. Being at the heart of community


    Figure 1: Maybank Company

    Maybank2U Homepage


    2.0 The company's business operation.

    I. Maybank operates consumer banking, business and corporate banking as well as private
    banking services, through a network of 401 branch offices and more than 2,900 automated
    teller machines in Malaysia. The company operates 22 branches in Singapore providing a
    full range of banking and financial products and services. Maybank, through Maybank
    Philippines Incorporated, has 55 branches in the Philippines and also has a banking
    presence in most of the other Southeast Asian markets, including Brunei, Papua New
    Guinea, Indonesia, Cambodia, Vietnam and Laos. The bank also operates branches in
    New York, London, Hong Kong and Bahrain.

    II. Besides its commercial banking network, Maybank operates a number of specialized
    subsidiaries in the insurance, investment banking and assets management, and finance
    sectors. The group's subsidiaries include Etiqa Insurance and Etiqa Takaful, which
    provide conventional and Shariah-compliant insurance products respectively, and
    Maybank Investment Bank, which is the Group's investment banking division following
    the acquisition of Mayban Discount and Mayban Securities. Maybank was the first
    Malaysian bank granted the right to establish a branch office in China.

    III. The company's website services are:

    a. Account Summary: Account Details, Today's Transaction, Transaction History
       (last 60 days) and M2U History (last 30 days)
    b. Cheque Services: Cheque status, stop cheque, request for cheque book
    c. Registered Bill Payment: Pay over 500 bills and make future payments, enquire &
       cancel future payment
    d. Fund transfer: Own Account, Favourite 3rd Party, Favourite Interbank GIRO,
       Favourite FTT, enquire & cancel future transfer
    e. Bills & Statement: CASA, Advices & Notices, Bills (TNB, Telekom, DiGi)
    f. Utilities: Change M2U Biz password
    g. Mobile banking (M2U mobile): Account Summary, Registered Bill Payment,
       Favourite Fund Transfer, View Forex & Deposit rates
    h. Online viewing of Foreign Currency Account (FCA) and Master Foreign Currency
       Account (MFCA)


    3.0 Client Side

    PLATFORM

    We propose to use Microsoft Windows and Unix-based operating systems as the platform for
    our system in a normal browser. For the mobile application, we propose to use Android and
    iOS (Apple) based operating systems.

    APPLICATION

    Online electronic banking systems give everybody the opportunity for easy access to their
    banking activities. These banking activities may include retrieving an account balance,
    money transfers between a user's accounts or from a user's account to someone else's
    account, and retrieving an account history. As technology evolves, different kinds of
    electronic banking systems emerge, each bringing a new dimension to the interaction
    between clients and Maybank. The Automated Teller Machine (ATM) is the first well-known
    system that was introduced to facilitate users' access to their banking activities. The
    user can perform some of the transactions mentioned above via a graphical user interface.
    These are transmitted to the bank's computer system, with which the device has established
    a communication link. The next step is the introduction of phone banking: users can use
    the phone keypad to perform banking operations. The Internet offers a new alternative to
    the phone banking system. By means of a more sophisticated and user-friendly interface, a
    browser or a dedicated standalone application, people can use the Internet to connect to
    the bank's computer system. Electronic devices are constantly getting smaller, while their
    functionality is extending. Now, mobile phones even offer the possibility to perform
    electronic banking.

    Example of normal browser for online banking

    Example of mobile banking application


    PROCESS

    In the basic architecture of an Internet electronic banking system there are two
    participating entities: the client and the bank. When the user has a PC with a network
    connection, the most common way to communicate with Maybank is via a Web browser. The
    standard protocol for communication between the browser and the bank's Web server is then
    used. It is often referred to as HTTPS, which is the HTTP protocol on top of a security
    layer. HTTP is the communication language of the WWW.

    To avoid the problem of distribution and installation of extra software on the client's
    computer, we propose to deploy an intermediate solution. An ordinary browser is used at
    the client side, but to increase the functionality, a Java applet is downloaded from the
    Maybank website. This applet is a relatively small piece of software code that runs within
    the user's browser and provides extra security functionality. A big advantage of this
    approach is that the applet technology allows the bank to easily maintain and update the
    client software. Clients will automatically download and use new versions of the software.
    Banks do not need to distribute new software in an old-fashioned way.


    CONFIGURATION

    We propose more security functionality than an ordinary browser is able to provide. This
    extra security functionality includes strong cryptography by using HTTPS. A normal
    transfer protocol such as HTTP is very insecure: all data is transferred in clear text, so
    the authentication User ID and Password are transmitted in clear text as well. This
    creates a problem: anyone can sniff the User ID or Password and gain access to the server.
    To prevent this we have to encrypt HTTP traffic, essentially HTTP with Secure Socket Layer
    (SSL), also known as HTTPS. Anything transferred over HTTPS is encrypted, so the User ID
    and Password cannot be easily deciphered. HTTPS runs on port 443.

    Steps to configure SSL

    SSL (Secure Socket Layer) is a protocol layer that exists between the Network Layer and

    Application layer. There are three kinds of cryptographic techniques used in SSL which are

    Public-Private Key, Symmetric Key, and Digital Signature.

    1. The client requests content from the Web Server using HTTPS.
    2. The web server responds with a Digital Certificate which includes the server's public key.
    3. The client checks to see if the certificate has expired.
    4. Then the client checks if the Certificate Authority that signed the certificate is a
       trusted authority listed in the browser. This explains why we need to get a certificate
       from a trusted Certificate Authority.
    5. If everything is successful the SSL connection is initiated.

    Public-Private Key Cryptography

    The Web server holds the private Key, and sends the Public key to the client in the Certificate.

    Symmetric Cryptography

    After the SSL connection has been established, Symmetric cryptography is used for encrypting

    data as it uses fewer CPU cycles. In symmetric cryptography the data can be encrypted and

    decrypted using the same key. The Key for symmetric cryptography is exchanged during the

    initiation process, using Public Key Cryptography.


    Encryption Process

    1. In this step the original "Clear Text" message is encrypted using the Sender's Private
       Key, which results in "CipherText 1". This ensures the Authenticity of the Sender.
    2. In this step the "CipherText 1" is encrypted using the Receiver's Public Key, resulting
       in "CipherText 2". This will ensure the Authenticity of the Receiver, i.e. only the
       Receiver can decipher the Message using his Private Key.
    3. Here the SHA1 Message Digest of the "Clear Text" is created.
    4. The SHA1 Message Digest is then encrypted using the Sender's Private Key, resulting in
       the Digital Signature of the "Clear Text". This Digital Signature can be used by the
       Receiver to ensure the Integrity of the message and the Authenticity of the Sender.
    5. The "Digital Signature" and the "CipherText 2" are then sent to the Receiver.
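
    The steps above, as an added Java example (not code from the proposal) that uses only the
    JDK's built-in crypto: steps 3 and 4 become a SHA256withRSA signature, and step 2 encrypts
    the message for the Receiver with a one-time AES-GCM key wrapped under the Receiver's RSA
    public key, as the Symmetric Cryptography paragraph describes. Assumptions: SHA-256 is
    substituted for SHA1, step 1's separate private-key encryption is covered by the signature,
    and the class name, method names, key sizes and sample message are made up for the example.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.security.spec.MGF1ParameterSpec;
import javax.crypto.*;
import javax.crypto.spec.*;

// Added illustration; class and method names are hypothetical. Needs Java 16+ (record).
public class SignedEnvelopeDemo {
    /** What is sent to the Receiver in step 5. */
    record Envelope(byte[] wrappedKey, byte[] iv, byte[] cipherText, byte[] signature) {}

    // RSA-OAEP with SHA-256 for both the hash and MGF1, stated explicitly.
    private static final OAEPParameterSpec OAEP = new OAEPParameterSpec(
            "SHA-256", "MGF1", MGF1ParameterSpec.SHA256, PSource.PSpecified.DEFAULT);

    static Envelope seal(byte[] clearText, PrivateKey senderPrivate, PublicKey receiverPublic)
            throws GeneralSecurityException {
        // Steps 3-4: digest the clear text and sign the digest with the Sender's private key.
        Signature signer = Signature.getInstance("SHA256withRSA");
        signer.initSign(senderPrivate);
        signer.update(clearText);
        byte[] signature = signer.sign();

        // Bulk data is encrypted symmetrically with a fresh key and nonce per message.
        KeyGenerator keyGen = KeyGenerator.getInstance("AES");
        keyGen.init(256);
        SecretKey aesKey = keyGen.generateKey();
        byte[] iv = new byte[12];
        new SecureRandom().nextBytes(iv);
        Cipher aes = Cipher.getInstance("AES/GCM/NoPadding");
        aes.init(Cipher.ENCRYPT_MODE, aesKey, new GCMParameterSpec(128, iv));
        byte[] cipherText = aes.doFinal(clearText);

        // Step 2: only the holder of the Receiver's private key can recover the AES key.
        Cipher rsa = Cipher.getInstance("RSA/ECB/OAEPPadding");
        rsa.init(Cipher.ENCRYPT_MODE, receiverPublic, OAEP);
        byte[] wrappedKey = rsa.doFinal(aesKey.getEncoded());
        return new Envelope(wrappedKey, iv, cipherText, signature);
    }

    static byte[] open(Envelope env, PrivateKey receiverPrivate, PublicKey senderPublic)
            throws GeneralSecurityException {
        // Unwrap the AES key with the Receiver's private key.
        Cipher rsa = Cipher.getInstance("RSA/ECB/OAEPPadding");
        rsa.init(Cipher.DECRYPT_MODE, receiverPrivate, OAEP);
        SecretKey aesKey = new SecretKeySpec(rsa.doFinal(env.wrappedKey()), "AES");

        // GCM authenticates the ciphertext: any modification raises AEADBadTagException.
        Cipher aes = Cipher.getInstance("AES/GCM/NoPadding");
        aes.init(Cipher.DECRYPT_MODE, aesKey, new GCMParameterSpec(128, env.iv()));
        byte[] clearText = aes.doFinal(env.cipherText());

        // Integrity and Sender authenticity: verify with the Sender's public key.
        Signature verifier = Signature.getInstance("SHA256withRSA");
        verifier.initVerify(senderPublic);
        verifier.update(clearText);
        if (!verifier.verify(env.signature())) {
            throw new SignatureException("signature does not match the expected Sender");
        }
        return clearText;
    }

    static String tryOpen(Envelope env, PrivateKey receiverPrivate, PublicKey senderPublic) {
        try {
            byte[] clearText = open(env, receiverPrivate, senderPublic);
            return "accepted: " + new String(clearText, StandardCharsets.UTF_8);
        } catch (GeneralSecurityException e) {
            return "rejected: " + e.getClass().getSimpleName();
        }
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair sender = kpg.generateKeyPair();
        KeyPair receiver = kpg.generateKeyPair();
        KeyPair impostor = kpg.generateKeyPair();
        byte[] msg = "TRANSFER MYR 100.00 TO 1234567890".getBytes(StandardCharsets.UTF_8); // constructed sample

        Envelope good = seal(msg, sender.getPrivate(), receiver.getPublic());
        System.out.println(tryOpen(good, receiver.getPrivate(), sender.getPublic()));
        byte[] flipped = good.cipherText().clone();
        flipped[0] ^= 1; // simulate modification in transit
        Envelope tampered = new Envelope(good.wrappedKey(), good.iv(), flipped, good.signature());
        System.out.println(tryOpen(tampered, receiver.getPrivate(), sender.getPublic()));
        Envelope forged = seal(msg, impostor.getPrivate(), receiver.getPublic());
        System.out.println(tryOpen(forged, receiver.getPrivate(), sender.getPublic()));
    }
}
```

    Signing only the clear text does not bind the message to its intended Receiver, so a real
    protocol would also include the Receiver's identity in the signed data.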


    SYSTEM AND HARDWARE REQUIREMENT

    Hardware Requirement:

    Intel Pentium 4 Processor or higher

    120 GB hard disk or higher

    1GB MB RAM.

    Monitor.

    Keyboard.

    Supported Browsers:

    1. Chrome
    2. Firefox
    3. Safari (not supported on Windows)
    4. Internet Explorer

    Desktop:

    For Windows

    1. Windows Vista
    2. Windows XP
    3. Windows 7
    4. Windows 8

    For Mac

    1. Mavericks (10.9)
    2. Mountain Lion (10.8)
    3. Lion (10.7)
    4. Snow Leopard (10.6)

    Mobile and tablet:

    For Android phones or tablets

    1. Eclair and up (Android 2.1+)

    For iPhone or iPad

    1. iOS 5.0+


    4.0 Middleware side.

    PLATFORM

    The most suitable platform for a banking portal such as Maybank is Service Oriented
    Architecture (SOA). SOA is used to restrict customer access to services only; it is
    implemented for security purposes. Moreover, the purpose of SOA is to enable functionality
    for large software applications; in this case it is an online banking portal, which means
    there will be thousands of services provided. Service orientation is also platform
    independent and supports a stateless communication model. A stateless communication
    protocol treats each request as an independent transaction that is unrelated to any
    previous request, which fits really well with the required specifications for middleware
    for an online banking portal.

    APPLICATION

    Oracle database is known for mission-critical commercial applications, and an online
    banking portal is considered one. Oracle provides Flashback Database, Table, Query, and
    Transaction, which fit really well with the needs of the entire framework. Since the
    online banking portal database will be very heavy, Oracle will be preferred as the
    application. Then, to piece it all together, the application will be written in Java, as
    it is supported by the Apache Struts web framework. Web applications differ from
    conventional websites that only deliver static pages. A website that is a dynamic web
    application can react and interact with databases and business logic engines to customize
    the client-server response, and Apache Struts is a specialized solution for creating Java
    web applications. Moreover, using Java naturally allows the use of an object-oriented
    architecture. Since java is , the tools that will be used will be the Java SDK, using the
    command line and Notepad to code. An alternative Java IDE such as Eclipse can be used as
    well; in this case, Eclipse has native support for developing web applications, Apache
    Struts included.

    STUB

    RPC allows the implementation of a client/server distributed system in which customers
    connect to the remote server and request one of the services provided by the server. Both
    client and server stubs will be attached to the middleware; in a way, the middleware acts
    as an important part in making the RPC happen. Since the environment will be Java, it will
    invoke a method call rather than a procedure call; this is also called Java RMI (Remote
    Method Invocation). The Java RMI principle is similar to RPC: it allows access to remote
    objects, allowing an extension of the local environment using dynamic code loading.

    HARDWARE

    Middleware hardware is actually software, because it usually doesn't need any specialized
    hardware. It is used to connect two applications; in this case the middleware is used to
    connect client and server and pass data between them. The middleware exists on both the
    client and the server machine. It includes the API needed for client-to-server
    communication and for sending the request back to the client from the server.


    PROCESS

    Since this is an online banking portal where security is critical, the process is done
    simultaneously, which explains all the previous implementation. In RMI, when a method
    calls another, it must wait for the called method to return before it can do any other
    job. Middleware functions partly as a super-linker, finding a method that is called in the
    network and using network services to pass a parameter or a function to the procedure and
    then return the results.

    CONFIGURATION

    The Banking Portal will run entirely on the Struts framework, so all applications are
    stored on the server side, which includes web hosting, and will be placed inside Apache
    Tomcat. Instead, customers will have access using JavaServer Pages (JSP) that are stored
    on servers and linked by the Apache Struts framework. The middleware will play a role when
    used on customer demand: it acts as a temporary database for cases such as a monthly
    summary of transactions, and relays changes, which are finally processed by the server
    and returned to the client JSP to be seen.

    The general Apache Struts framework is shown below.

    The Struts Architecture

    As seen in the diagram above, the middleware is generally the controller Servlet, which is
    defined in the struts-config.xml file, and the Business Logic, which contains action
    scripts to invoke the model, which is in the server.


    Sample of struts-config.xml file

    SN  Interceptor & Description
    1   struts-config
        This is the root node of the configuration file.
    2   form-beans
        This is where you map your ActionForm subclass to a name. You use this name as an
        alias for your ActionForm throughout the rest of the struts-config.xml file, and even
        on your JSP pages.
    3   global forwards
        This section maps a page on your webapp to a name. You can use this name to refer to
        the actual page. This avoids hardcoding URLs on your web pages.
    4   action-mappings
        This is where you declare form handlers; they are also known as action mappings.
    5   controller
        This section configures Struts internals and is rarely used in practical situations.

    As you can see, the HelloActionForm.java file is located on the server and index.jsp is
    the client's request page. The middleware will take this information from the .xml file
    and invoke the HelloWorldActionForm.java method on the server when index.jsp is accessed,
    and then the string "hello world" will be relayed to helloWorld.jsp from the .java file.
    On the client's browser, index.jsp is now replaced with helloWorld.jsp and the string
    "hello world" will appear on screen.


    5.0 Server side.

    PLATFORM

    For the server side, we propose to use the Oracle engine as the base platform. For a
    banking portal, Oracle Server is a very stable, fast, extremely popular and affordable
    database engine. There is a tremendous amount of support and resources available on the
    web and from Information Technology (IT) providers. Plus, it's relatively easy to work
    with.

    APPLICATION

    For application, it is better to use Oracle because of its database capabilities. Oracle's

    Application Server consists of an integrated, standards-based software platform. The Oracle

    Application Server configurations are designed to ensure security of all transactions, maximize

    hardware resources, and provide a reliable, standards-compliant system for enterprise computing

    with a variety of applications.

    HARDWARE

    The specific hardware used for Server deployment can vary, depending on size and usage

    requirements. These are the recommended hardware for the server.

    CPU : 64-bit dual processor, hex-core, 2.26 gigahertz (GHz) or higher

    Memory : 32 gigabytes (GB)

    Disk : 8 or more 10,000 RPM hard disk drives with at least 72 GB free disk space. Two

    of the disks should use RAID 1, and six should use RAID 10.

    Network: 1 dual-port network adapter, 1 Gbps or higher (2 recommended, which requires

    teaming with a single MAC address and single IP address)


    PROCESS

    Oracle Database creates server processes to handle the requests of client processes connected to

    the instance. A client process always communicates with a database through a separate server

    process.

    Server processes created on behalf of a database application can perform one or more of the

    following tasks:

    - Parse and run SQL statements issued through the application, including creating
      and executing the query plan (see "Stages of SQL Processing")
    - Execute PL/SQL code
    - Read data blocks from data files into the database buffer cache (the DBW
      background process has the task of writing modified blocks back to disk)
    - Return results in such a way that the application can process the information

    CONFIGURATION

    Since the server uses Oracle, the steps for configuration are:

    - Basic Initialization Parameters
    - Cloning Databases Using DBCA
    - Database Usage Statistics

    Basic Initialization Parameters

    The following basic parameters need to be adjusted:

    CLUSTER_DATABASE

    COMPATIBLE

    CONTROL_FILES

    DB_BLOCK_SIZE

    DB_CREATE_FILE_DEST

    DB_CREATE_ONLINE_LOG_DEST_n

    DB_DOMAIN


    DB_NAME

    DB_RECOVERY_FILE_DEST

    DB_RECOVERY_FILE_DEST_SIZE

    DB_UNIQUE_NAME

    INSTANCE_NUMBER

    JOB_QUEUE_PROCESSES

    LOG_ARCHIVE_DEST_n

    LOG_ARCHIVE_DEST_STATE_n

    NLS_LANGUAGE

    NLS_TERRITORY

    OPEN_CURSORS

    PGA_AGGREGATE_TARGET

    PROCESSES

    REMOTE_LISTENER

    REMOTE_LOGIN_PASSWORDFILE

    ROLLBACK_SEGMENTS

    SESSIONS

    SGA_TARGET

    SHARED_SERVERS

    STAR_TRANSFORMATION_ENABLED

    UNDO_MANAGEMENT

    UNDO_TABLESPACE


    Cloning Databases Using DBCA

    After the above parameters have been adjusted, databases need to be cloned using DBCA:

    The "Template Management" section of the Database Configuration Assistant (DBCA) can be
    used to clone databases. The following method creates a clone of an existing database,
    including both the structure and the data.

    - Start the Database Configuration Assistant (DBCA).
    - On the "Welcome" screen click the "Next" button.
    - On the "Operations" screen select the "Manage Templates" option and click the "Next"
      button.
    - On the "Template Management" screen select the "Create a database template" option
      and select the "From an existing database (structure as well as data)" sub-option, then
      click the "Next" button.
    - On the "Source database" screen select the relevant database instance and click the
      "Next" button.
    - On the "Template properties" screen enter a suitable name and description for the
      template, confirm the location for the template files and click the "Next" button.
    - On the "Location of database related files" screen choose either to maintain the file
      locations or to convert to OFA structure (recommended) and click the "Finish" button.
    - On the "Confirmation" screen click the "OK" button.
    - Wait while the Database Configuration Assistant progress screen gathers information
      about the source database, backs up the database and creates the template.

    By default the template files are located in the "$ORACLE_HOME/assistants/dbca/templates"

    directory.

    Database Usage Statistics

    Database usage statistics help us to monitor how the database is used:

    - DBA_HIGH_WATER_MARK_STATISTICS - Displays high water mark statistics
      (db_usage_hwm.sql).
    - DBA_FEATURE_USAGE_STATISTICS - Displays database feature usage statistics
      (feature_usage.sql).

    This information can be viewed in Enterprise Manager (Administration > Database Usage

    Statistics). The page gives you access to both types of usage statistics.


    ARCHITECTURE

    For this assignment, we will use a dedicated server as its architecture. In dedicated server

    architecture, the server process created on behalf of each client process is called a dedicated

    server process (or shadow process). This server process is separate from the client process and

    acts only on its behalf.

    Oracle Database Using Dedicated Server Processes

    As seen on the figure above, a one-to-one ratio exists between the client processes and server

    processes. Even when the user is not dynamically making a database request, the dedicated

    server process remains, although it is inactive and can be paged out on some operating systems.

    The figure shows user and server processes running on networked computers. However, the

    dedicated server architecture is also used if the same computer runs both the client application

    and the database code but the host operating system could not maintain the separation of the two

    programs if they were run in a single process. Linux is an example of such an operating system.

    In the dedicated server architecture, the user and server processes communicate using different

    mechanisms:

    If the client process and the dedicated server process run on the same computer, then the

    program interface uses the host operating system's interprocess communication

    mechanism to perform its job.


    If the client process and the dedicated server process run on different computers, then the

    program interface provides the communication mechanisms (such as the network

    software and Oracle Net Services) between the programs.


    6.0 Sample Maybank banking client's request up to server's reply scenario

    Automated Teller Machine(ATM)

    As we all know, Maybank is a multinational company involved in the banking industry. The
    company communicates with millions of clients every day. Here the authors want to show
    some scenarios involving client-server communication using an Automated Teller Machine
    (ATM).

    Figure 1.1 : Automated Teller Machine (ATM) Scenario

    Figure 1.1 shows the Automated Teller Machine (ATM) scenario. A client of Maybank uses
    the ATM as the mechanism to connect to the server. The ATM acts as the client system
    interface. When the client makes a transaction with the bank, the ATM connects to the bank
    account server. The server side contains a tele-processing monitor, which controls the
    transaction. The account server also holds the customer account database, which replies
    to the client's request. The client gets the reply message through the ATM.


    Internet Banking System

    Nowadays, Internet banking is the most popular way for people to make transactions.
    Internet banking is a system that allows individuals to perform banking activities at
    home, via the Internet. Figure 1.2 below shows the Internet banking scenario.

    Figure 1.2 : Internet Banking System Scenario

    Figure 1.2 shows internet transaction processing, which involves a client-server system
    architecture. The client uses their computer or whatever device can connect to the bank's
    website URL, https://www.maybank2u.com.my. Using Secure Socket Layer (SSL) makes the
    connection between client and server more secure. After that, the client has an HTTPS
    interaction with the web server, which contains the account service provision. This web
    server connects to the database server using SQL queries to access the customer account
    database. The database server replies to the request made by the client. The client gets
    the message after the server makes the HTTPS interaction back to the client.


    SUMMARY

    In a nutshell, we managed to complete this proposal successfully by following all the
    requirements. For the client side, operating systems such as Windows and Unix are the
    major platforms for viewing it in a web browser. For clients that normally use a mobile
    phone to do transactions, the authors have suggested that iOS and Android are the most
    suitable operating systems. To connect to the web browser, Secure Socket Layer (SSL) is
    highly recommended. For middleware, we suggest that Maybank should use Service Oriented
    Architecture (SOA), which restricts customer access to services only; it is implemented
    for security purposes. For the server side, the authors have proposed to use the Oracle
    engine as the base platform. The main reason is that it is very fast, stable and extremely
    popular among users.

    We got the opportunity to learn more deeply about the client/server environment for a
    client-server system, especially in the banking industry, namely Maybank. Special thanks
    to our lecturer Ms. Lew Sook Ling, who guided us for this assignment throughout this
    semester. Not to forget all group members, who have put all their effort into this
    assignment.


    REFERENCES:

    1. The Struts Architecture:
       http://www.onjava.com/pub/a/onjava/2005/11/02/what-is-struts.html?page=3
    2. Sample of struts-config.xml File:
       http://www.tutorialspoint.com/struts_2/struts_configuration.htm
    3. What is SSL:
       http://www.digicert.com/ssl.htm
    4. Introduction of Web Service:
       http://acs.lbl.gov/projects/gtg/projects/pyGridWare/doc/tutorial/html/x284.html
